Steel Connect, Inc. 10-K Cybersecurity GRC - 2024-11-06

Page last updated on November 6, 2024

Steel Connect, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-06 16:23:24 EST.

Filings

10-K filed on 2024-11-06

Steel Connect, Inc. filed a 10-K at 2024-11-06 16:23:24 EST
Accession Number: 0001628280-24-045740

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C.- CYBERSECURITY The Audit Committee (“Audit Committee”) of the Company’s Board of Directors (the “Board”) is involved in the oversight of the Company’s enterprise risk management program, including risks of cybersecurity threats. In general, the Company seeks to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on ensuring the implementation of effective and efficient controls, technologies, and other processes to assess, identify, prevent and mitigate cybersecurity threats and effectively respond to cybersecurity incidents when they occur. Cybersecurity risk management and strategy As one of the critical elements of the Company’s overall enterprise risk management approach, the Company’s cybersecurity program includes: - Collaboration: Through ongoing communications with management and the IT department of Steel Holdings, the Company’s IT department monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents applicable to the particular operating company in real time, and reports such threats and incidents to the Data Breach Response Team, who will then report to the Audit Committee when appropriate. - Technical Safeguards: The Company deploys technical safeguards that are designed to protect the Company’s information systems from cybersecurity threats and such safeguards are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence. - Managed Security Service Provider (“MSSP”): The Company has an Agreement in place with a third-party managed security service provider. They provide strategic and technical services helping our business manage cyber risk and improve security posture. - Incident Response and Recovery Planning: The Company has established and maintains comprehensive incident response and recovery plans that address the Company’s response to a cybersecurity incident. The Company has adopted a Cybersecurity Incident Policy and has established a Data Breach Response Team to timely, consistently, and compliantly address cybersecurity threats that may occur despite the Company’s safeguards. - Outside Consultants: The Company engages various outside consultants, including forensic specialists, public relations and data breach resolutions firms, outside attorneys and other third parties, to among other things, obtain information of a cybersecurity incident and isolate compromised systems and electronic data from further exposure; and determine and execute mitigation and remediation options and plans. - Education and Awareness: The Company provides awareness training to its personnel regarding cybersecurity threats to help identify, avoid and mitigate cybersecurity threats, and to communicate the Company’s evolving information security policies, standards, processes and practices. Cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected the Company or its financial position, results of operations and/or cash flows. Governance As discussed above, the Board has delegated to the Audit Committee the responsibility for monitoring and overseeing the Company’s overall cybersecurity and other information technology risks, controls, strategies and procedures. The Audit Committee periodically evaluates the Company’s information security strategies to ensure its effectiveness. The Company’s management reports to the Audit Committee as part of every quarterly scheduled meeting of the Audit Committee (or more frequently, as needed) regarding technological risk exposure and cybersecurity risk management strategy. In addition, the full Board may review and assess cybersecurity risks as part of its responsibilities for oversight of the Company’s broad enterprise risk management program. The Company’s IT department, in coordination with the Company’s legal department, Chief Financial Officer (“CFO”), and as needed Steel Partners Holdings’ IT department (collectively, the “Data Breach Response Team”), works collaboratively to promptly respond to any cybersecurity incidents in accordance with the Company’s Cybersecurity Incident Policy. The Company’s response planning is reviewed annually and kept up to date with industry developments. Management’s Expertise The Company’s Senior Vice President, Information Technology, holds a Master’s degree in business administration and industrial psychology. He has served in various roles in information technology for over 26 years. Additionally, he stays informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques as staying informed on developments in the cyber industry is crucial to the Company’s effective prevention, detection, mitigation and remediation of any cybersecurity incidents.

Company Information